Secure VPN infrastructures at the Edge – Welotec RAP
When it comes to managing a high number of distributed devices in the field, connectivity and device access are key. However, setting up a secure VPN infrastructure that combines IT and OT requires considerable effort in handling and coordination, especially in the field of IT security. This includes, e.g., establishing a secure connection, updating certificates, or generating data flows.
Easy setup of secure VPN infrastructures to connect devices and machines
With our software solution Welotec RAP, our customers benefit from a fully automated VPN infrastructure enabling connectivity and secure access to devices and machines in the field. It is easy to deploy, brings flexibility in terms of applications and adds an additional security layer to the network infrastructure.
The advantages at a glance:
Easy Setup and Handling
- Automated certificate creation and updates via integrated PKI (Public Key Infrastructure)
- Compatible with all devices able to run containers or support OpenVPN
- Seamless integration into third-party systems via API
- Welotec VPN Container Client (VPN-CC) – virtual infrastructures with a few clicks
- Independent of internet source or SIM card – Edge devices can work behind a firewall and with private IP addresses
- User-friendly web interface (individual settings, e.g. branding and design)
IT-Security & Connection
- Secure tunneling connection between VPN endpoints with direct access to end devices
- Automated firewall rules and automatic routing
- Auto-renewal of VPN certificates based on user requirements and guidelines
- Easy implementation in private networks via API
- End-to-end encryption according to the BSI standard
- Flexible user and rights management based on tags
High device compatibility and application flexibility for secure VPN tunnels
Depending on the application and general conditions, users face different challenges in implementing a secure VPN infrastructure. With Welotec RAP, users have a solution that opens a wide range of possibilities for IT and OT convergence, including in the case of hardware retrofitting. Below is a short overview of the relevant connection options:
- Connection via Welotec TK800 Router. In case of mass deployment, the rollout can be managed via Zero-Touch-Provisioning (see use-case below).
- OpenVPN for stand-alone devices.
- VPN Container Client – Hardware-independent software container generating virtual infrastructures with a few clicks. Rollout can be deployed through Cloud, Docker Swarm or Kubernetes.
Implications for Business
The successful implementation of a VPN infrastructure not only has advantages in terms of the implementation process or IT security. It also provides users with access to important data, which nowadays is the most important resource for business success.
- Data gathering for increased efficiency and better decision making (e.g. maintenance or predictive maintenance)
- Improved analysis and processing through integration of data into third-party systems via API (e.g. Big Data or Monitoring)
- Secure remote access to distributed devices and connected machines from all around the world – 24/7 access
- Increased efficiency through less effort in travel and staff presence
- Better service quality through predictive maintenance and reduced downtime
- Potential for new services and business models (e.g. Software-as-a-Service, Equipment-as-a-Service)
Use Case: Building a VPN tunnel with Welotec RAP and Welotec TK800 4G LTE Router
1. The Welotec TK800 Router is pre-configured at the Welotec factory and the SIM is installed.
2. The devices (e.g. 10x TK800 Router) are shipped to the customer.
3. The customer installs the TK800 at the machine and connects the 4G antenna, Ethernet cable and power.
4. The TK800 goes online and shows up in the Remote Access Portal (self-registration).
5. The customer can activate the TK800 in the Remote Access Portal and assign a configuration.
6. The configuration and credentials are installed on the TK800.
7. Secure remote access from a computer, over the Remote Access Portal, to the device behind the TK800 (e.g. a PLC) is seamlessly possible.